The best laid plans of mice and men…

Entries Tagged as 'privacy'

I purchased a couple of pairs of shorts the other day (Wednesday before Thanksgiving) and to my surprise the retailer asked me if I’d like them to record my driver’s license number to make any return easier (by swiping the information into the terminal).

WTF?

Last time I checked retailers were not entitled to the information on my driver’s license.

And this was particularly eerie to me because a group of my friends and I had been discussing an issue concerning the collection of personal data on consumers as part of the return process.

Of course, there’s no federal law that limits the amount of information a retail establishment can request (well — unless that transaction has to do with health care, and HIPAA would require that you be provided with a privacy policy covering how the information could be used — but they can still ask).

To me, the moment the Patriot Act was signed American freedoms and privacy quickly started to spiral down the toilet; and I said it a decade ago and I’m still saying it — the law needs to be repealed.

I personally do not feel that retail stores are entitled to any personal information; that they should be required to honor their return policies as clearly posted; and that in order to collect and store personal information they must obtain a signed release at time of sale, and understand that they and their agents are fully and completely liable for any misuse of that information not explicitly contained in the signed release.

And while I don’t generally jump up and down about federal laws we need — we definitely need uniform consumer protection across this country.

Some states have a patchwork of laws that partially protect consumer privacy; but even in those states businesses have abused the laws because consumers don’t have a clear, consistent understanding of them — and I’ll point out that with more and more consumer transactions involving interstate commerce, only a federal law would really be able to ensure consumer privacy.

Originally posted 2012-11-24 12:00:45.

Tags: ! ALERTS !, Legal | by roger | Comments Off on Retail Transactions and Privacy

I find more and more companies attempt to get as much personal information on me as they can.

I also find more and more companies mishandle the personal information that they have collected.

I just got a letter today from a transfer agent one of my previous employers used; apparently they “lost” a data backup set that contained my personal information; of course they assure me that there’s little chance of any of my personal information being misused. And they offer to reimburse me for any expenses I might incur in obtaining a credit report, monitoring my credit, freezing access to my credit history — but I didn’t see in there any offer to compensate me for my time, or any losses that I might incur.

I think I’m just going to write them back, thank them for advising me of this information, and tell them that they may hire someone to manage and monitor misuse of information which they lost (most likely negligently); but that I will not incur any costs of money or time taking actions to protect myself from this incident, but I will hold them liable for any and all actual, consequential and potentially punitive damages should information they mishandled be used in any illegal activity.

My advice to companies that collect personal data is that they purge any and all personal data they have at the earliest possible time that they can legally do so. Failing to take such action makes companies that maintain personal data liable for an unauthorized disclosure of information; and I would say potentially criminally negligent.

Identity theft is a real problem, and credit bureaus make it all too easy for individuals who get a little bit of information about you to get your entire life’s story — and use your name (and credit) to make their life better and your life a living hell.

While there have been improvements in legal recourse for identity theft, your best bet is to guard against it.

To make yourself a harder target, try some simple things like:

Elect on-line delivery of banking and credit card statements; utility bills; and anything else you can. It’s safe, it’s good for the environment, and it reduces the likelihood of mail theft.

Use on-line bill payment or pay bills with your credit card; it’s safe, convenient, and it reduces the likelihood of mail theft. Using your credit card may give you additional rights, and cash back.

Destroy paper items that have any personal information on them; cross-cut or confetti shredders are the best, or use a fireplace, or just mark it over and tear it by hand.

Destroy old credit cards, driver’s licenses, passports, etc. — make sure nothing with personal and confidential information on it goes in the trash.

Don’t give out your name or address to anyone or on any site or on any phone call unless you know who you’re dealing with and there’s some advantage for you to do so.

Remove your name from mailing lists, refuse delivery of mail you didn’t request (that will cost the sender money generally and is more likely to get your name expunged from the list they use).

Part of the intent of the Gramm-Leach-Bliley Act (aka the Financial Modernization Act of 1999) and the rules and regulations for federal banking and credit unions was to put into effect requirements on financial institutions[1] to safeguard the personal, confidential, and financial information of their customers[2].

One of the main parts of the law was that it required institutions to provide customers with their privacy policy, which explained their information sharing and information safeguarding. However, because the law was heavily affected by lobbying, and even reviewed by large financial institutions before being considered by Congress, there are cases where institutions aren’t really subject to many limitations on what they can do with your information.

You might find it interesting that every large financial institution I have dealt with since the law was passed (i.e. Chase, Citi, Bank of America, Barclay, etc.) has specifically allowed for an “opt-out” of the sharing of personal information for use both inside and outside the company (effectively limiting the information to be used only as required by law and as necessary for the maintenance of your account).

However, you have to be very careful about smaller institutions.

Credit Unions are in general very customer oriented, and most of the time “do the right thing” — particularly when it comes to building a solid, long term customer relationship based on trust and respect. However, take a look at the “Privacy Pledge” for Gulf Winds Federal Credit Union[3] (formerly Monsanto Employees Credit Union) http://www.gogulfwinds.com/page/privacy — WOW — that’s a really nice pledge to no privacy. In essence what it says is that they’ll use any information they collect on you (both public and non-public) and use it to the full extent allowed by law (I’d guess to profit from) and won’t allow a customer (or consumer) to “opt-out”.

How many ways can you say “non-customer focused”???

The moral of this: don’t assume you’re better off dealing with small “local” financial providers that might seem to have your interests in mind — you might actually end up getting better overall service and respect from a much larger financial provider.

I for one will be re-assessing my financial relationships; and likely terminating a few — and trying to convince Congress to stand up to the financial services companies and actually pass a law that protects me.

[1] The Financial Modernization Act of 1999 applies to banks, credit unions, securities firms, and insurance companies as well as a number of other types of companies providing financial services to consumers and is part of a larger framework of federal, state, and local banking laws.

[2] The Financial Modernization Act of 1999 privacy requirements apply to customers, which are defined to be consumers (not businesses) with which the institution has a “long term” relationship (i.e. holds an account), and do not necessarily cover all consumers who might interact or transact with an institution.

[3] You can find the same type of non-privacy policy at a number of smaller financial institutions; Gulf Winds is particularly sad because they refer to it as a “Privacy Pledge” rather than just a “Privacy Policy”.

In mid-2006 AT&T, BellSouth (soon to be part of AT&T), and Verizon all turned over their phone call database to the National Security Agency just because they asked. Qwest refused, indicating to the NSA that they were required to obtain a subpoena before such information could be released.

Section 2702 of Title 18, part of the Electronic Communications Privacy Act, provides that “a provider of … electronic communication service [including telephone service] to the public shall not knowingly divulge a record or other information pertaining to a subscriber to or customer of such service … to any governmental entity” without the customer’s consent or a subpoena or court order. Under section 2707, carriers face civil liability, including minimum damages of $1,000 per violation, punitive damages, and attorneys’ fees. Government employees who participated in a violation also may face administrative discipline.

My question is, since the NSA obtained such information illegally, why haven’t the telcos been fined, the information obtained by the NSA been destroyed, and the NSA employees who requested (and authorized the requests) been terminated?

I personally am tired of waiting for the restoration of my civil rights; the new administration has been in the White House for a year now, the honeymoon is over — let’s stop hearing rhetoric, and start seeing action.

A few hours ago one of our systems accidentally sent you an invitation for a trial account in Landscape. The invitation was sent to you by mistake as a result of incorrect data in our contact database.

We’re working hard to ensure that this sort of thing won’t happen again. Please accept our sincere apologies for this accident.

Regards,
Jamshed Kakar
Landscape Project Manager

The only conclusion that I can draw is that information I used to apply for a job with Canonical a month ago or so was mishandled and made available for (mis)use by others in the company. Given that this has happened (clearly my information has been mishandled) it raises a concern as to how much Canonical can be trusted handling any potentially sensitive or personal information…

Consider credit card numbers provided to them for support; contact information for sales or employment… the list goes on.

My advice — don’t trust any company with personal information that can obviously not be trusted to properly handle and safeguard that information.

I have requested that Canonical immediately remove any and all of my personal information from all of their databases (I certainly wouldn’t feel comfortable being employed by or doing business with such a company), maybe you should do the same.